externalaccount

Documentation

Index

• type ClientAuthentication
  • func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header)
• type Config
  • func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource
• type CredentialSource
• type Error
  • func (err *Error) Error() string
• type STSTokenExchangeRequest
• type STSTokenExchangeResponse
  • func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchangeRequest, ...) (*STSTokenExchangeResponse, error)

Types

type ClientAuthentication

type ClientAuthentication struct {
	// AuthStyle can be either basic or request-body
	AuthStyle    oauth2.AuthStyle
	ClientID     string
	ClientSecret string
}

ClientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.

func (*ClientAuthentication) InjectAuthentication

func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header)

type Config

type Config struct {
	Audience                       string
	SubjectTokenType               string
	TokenURL                       string
	TokenInfoURL                   string
	ServiceAccountImpersonationURL string
	ClientSecret                   string
	ClientID                       string
	CredentialSource               CredentialSource
	QuotaProjectID                 string
	Scopes                         []string
}

Config stores the configuration for fetching tokens with external credentials.

func (*Config) TokenSource

func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource

TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.

type CredentialSource

type CredentialSource struct {
	File string `json:"file"`

	URL     string            `json:"url"`
	Headers map[string]string `json:"headers"`

	EnvironmentID               string `json:"environment_id"`
	RegionURL                   string `json:"region_url"`
	RegionalCredVerificationURL string `json:"regional_cred_verification_url"`
	CredVerificationURL         string `json:"cred_verification_url"`
	Format                      format `json:"format"`
}

CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.

type Error

type Error struct {
	Code        string
	URI         string
	Description string
}

Error for handling OAuth related error responses as stated in rfc6749#5.2.

func (*Error) Error

func (err *Error) Error() string

type STSTokenExchangeRequest

type STSTokenExchangeRequest struct {
	ActingParty struct {
		ActorToken     string
		ActorTokenType string
	}
	GrantType          string
	Resource           string
	Audience           string
	Scope              []string
	RequestedTokenType string
	SubjectToken       string
	SubjectTokenType   string
}

STSTokenExchangeRequest contains fields necessary to make an oauth2 token exchange.

type STSTokenExchangeResponse

type STSTokenExchangeResponse struct {
	AccessToken     string `json:"access_token"`
	IssuedTokenType string `json:"issued_token_type"`
	TokenType       string `json:"token_type"`
	ExpiresIn       int    `json:"expires_in"`
	Scope           string `json:"scope"`
	RefreshToken    string `json:"refresh_token"`
}

STSTokenExchangeResponse is used to decode the remote server response during an oauth2 token exchange.

func ExchangeToken

func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error)

ExchangeToken performs an oauth2 token exchange with the provided endpoint. The first 4 fields are all mandatory. headers can be used to pass additional headers beyond the bare minimum required by the token exchange. options can be used to pass additional JSON-structured options to the remote server.